Secure traveling sjhs journey to the cloud version 2.0 approved
1. Secure Traveling- St. Joseph Health System Journey to the Cloud
Diane Tyo, Manager Technical Systems, St. Joseph Health System
Feisal Nanji, Interim Chief Security Officer, St. Joseph Health System, and Exec. Director Techumen LLC
2. Session Objectives
• Describe the St. Joseph Health System
• Illustrate why we embarked on this journey
• Summarize the St. Joseph Health System journey
to the cloud
• Review key challenges overcome
• Outline security issues that we will face
DISCLAIMER: The views and opinions expressed in this presentation are those of the
author and do not necessarily represent official policy or position of HIMSS.
2
3. St. Joseph Health System
Profile
• Established in 1982, St. Joseph Health System (SJHS) is a
not-for-profit, integrated Catholic health care delivery
system that is sponsored by the St. Joseph Health Ministry
• 14 acute care hospital system based in Orange, California
and organized into three regions – Northern California,
Southern California and West Texas/Eastern New Mexico.
• 3,769 beds
• 24,000 + employees
3
4. SJHS Infrastructure
• 2 main data centers
– Anaheim, CA
– Lubbock, TX
• 10 local ministry server rooms
– Southern CA -Northern CA
– Eureka -Texas
4
5. Why and how we started
• Reduce costs
– Hardware -Maintenance
– Power -HVAC
– Floor Space
• Physical server count before VMware
– CA 1,325
– TX 343
• Zero virtual servers
5
6. Where we are today
St. Joseph Health System Server Environment
SoCal NoCal HUM Texas
% of % of Enterprise
VM Phy % of VM VM Phy VM VM Phy % of VM VM Phy VM Average
September 703 845 45% 169 231 42% 65 64 50% 357 302 54%
October 822 828 50% 173 221 44% 66 58 53% 373 298 56% 59%
November 738 676 52% 174 142 55% 72 62 54% 411 194 68%
December 798 651 55% 174 138 56% 72 56 56% 431 168 72%
• Physical servers = 1,013
• Virtual servers = 1,475
6
7. Key challenges we faced
• Storage costs
• Enterprise backup
• Change thinking of application owners
• Proving a successful, user non-impacting P2V
process
• Determining what could be virtualized
7
8. Lessons learned along the way
• Associate a value to virtual servers
• Create an SLA for creation or P2V
• Changing the thinking of management
– Costs
– Backups
– Maintenance
8
9. How far can we go?
• 85% virtual environment in 2012 is our goal
• Replication of VM environments across data
centers
• “Bare Metal” Restores
9
10. Where do we want to go:
• Genuine hybrid cloud based environment:
– Computing capability on demand
– Resource pooling – storage, CPU
– Rapid deployment and scaling of IT services
– Easy measurement of what’s been used
– Self service provisioning by business users
10
11. Challenges we will face
• Standardize commonly repeated operating
procedures
• Fully automated deployment and management
• Self-service provisioning for users of certain services
• Network redundancy
• Data center moves /expansion
• Security and privacy
• Getting business areas / customers/ separate
hospitals ready to share the same infrastructure
(Business process challenges)
11
12. Business Process Challenges -
Preventing Virtual sprawl
• Developing relationship maps as a broad and deep,
fine-grained view of what exists in our virtualized
environment.
• Need to explore configuration items (CIs) from layer
2 through layer 7 of the Open System
Interconnection (OSI) model.
12
13. Detailed map contains device and
application-specific information:
• Databases, including their components such as
tablespaces and users
• J2EE or .NET components and their interdependencies
• Web servers such as IIS and Apache
• Windows, UNIX, Linux, and other platforms
• Servers and server resources: CPUs, memory, and
network interfaces
• Routers, switches, load balancers, switch ports, virtual
local area networks (VLANs), and firewalls
• Storage elements like arrays, logical disks, and storage
area network (SAN) interconnectivity
13
14. Security concerns of the cloud
• Where is the data?
• Who can see the data?
• Who has seen the data?
• Has data been tampered with?
• Where is the processing performed?
• How is the processing configured?
• Does backup happen? How? Where?
14
15. Key Security Technical Concerns
• Auditing and monitoring tools
• Enterprise security policies will need to match logical
and not physical attributes
• Network access control and Intrusion prevention
• Application security
• Identity Management ( Both people and Web
services)
• Root kit detection and Virtual Machine threats
(emerging area)
15
16. Virtual Machine Threats
• Hyper-jacking: Attacks targeted at subverting or layering a rogue
hypervisor on a virtual server
• VM Escape: An exploit that enables a hacker to move from within a
VM to the hypervisor
• VM Hopping: An instance in which one VM is able to gain access to
another VM
• VM Theft: Unauthorized acquisition of a file containing VM
• VM Sprawl: The proliferation of virtualized server workloads
16
17. Summary
• Long and winding road
• Security and privacy vital, different and
continuously changing
• Business Process challenges are not to be
underestimated
DISCLAIMER: The views and opinions expressed in this presentation are those of the
author and do not necessarily represent official policy or position of HIMSS.
17
18. Secure Traveling-
St. Joseph Health System Journey to the Cloud
• Diane Tyo, SJHS Manager Infrastructure -- Diane.Tyo@stjoe.Org
• Feisal Nanji, Interim Chief Security Officer, SJHS , and Exec. Director
Techumen LLC Feisal.Nanji@stjoe.org or Feisal@techumen.com
18